Forcing password change on new users...

Henry Spencer henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org
Thu Jan 13 16:41:50 UTC 2005


On Thu, 13 Jan 2005, Lennart Sorensen wrote:
> Or you configure pam to enforce certain rules on minimum length, mixed
> numbers, symbols, letters, etc.  Pam can even run a cracklib pass on the
> password before deciding if it is good enough.

The downside of this is that the harder you make it for people to choose
memorable passwords that satisfy the rules, the more certain it is that
when they finally get a password accepted, they will (a) write it down,
and (b) use minor variations on it thereafter instead of making up new
ones.  Both of those practices are distinctly detrimental to security.

"If you make it too hard to unlock the door, people *will* prop it open."

Sometimes maximum *real* security comes at a point well short of maximum
*theoretical* security.  It's important to understand the difference.

                                                          Henry Spencer
                                                       henry-lqW1N6Cllo0sV2N9l4h3zg at public.gmane.org

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
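The PAM stack Lennart mentions, written out as an added example (not a configuration from this thread; module options are those of pam_cracklib and pam_unix, and the file layout assumes a Debian-style /etc/pam.d/common-password). The first block is the over-strict policy that invites written-down passwords; the second is a moderate one that still blocks dictionary words, minor variations and recycled passwords:

```text
# /etc/pam.d/common-password  (added example, not from the thread)

# (1) Stricter than useful: 14 characters minimum and one digit, one upper,
#     one lower and one symbol required.  Users who cannot get a memorable
#     password past this tend to write the accepted one down.
#password requisite pam_cracklib.so retry=3 minlen=14 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1
#password [success=1 default=ignore] pam_unix.so obscure use_authtok sha512

# (2) Moderate policy:
#   - pam_cracklib always runs the cracklib dictionary check, so obvious
#     words and keyboard patterns are rejected regardless of other options
#   - minlen=10 with default class credits lets a plain lower-case
#     passphrase pass without forced symbol substitutions
#   - difok=4: at least four characters must differ from the previous
#     password, which catches the "minor variations" habit directly
#   - remember=5 on pam_unix keeps the last five hashes in
#     /etc/security/opasswd so an old password cannot be cycled back in
password requisite pam_cracklib.so retry=3 minlen=10 difok=4
password [success=1 default=ignore] pam_unix.so obscure use_authtok sha512 remember=5
password requisite pam_deny.so
password required pam_permit.so
```

On current distributions pam_cracklib has largely been replaced by pam_pwquality, which accepts the same minlen, difok and credit options; the trade-off described in the message is the same either way.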